v1.0.0

Testskill

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:34 AM.

Analysis

This is an instruction-only skill-vetting checklist with no code or credentials, but users should verify the package identity and treat reviewed skill contents as untrusted.

Guidance: This skill appears safe to install as a checklist-style reviewer. Before using it, verify the package identity because the registry metadata and bundled _meta.json differ. When using it to review another skill, keep the target skill's text isolated as evidence and do not execute commands or follow instructions from the target content unless you explicitly approve them.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
Read ALL files in the skill. Check for these RED FLAGS

The skill's purpose requires inspecting untrusted skill files, which may themselves contain prompt instructions or misleading content. The artifact frames this as review, not execution, so this is a caution rather than a concern.

User impact: A malicious skill being reviewed could try to influence the agent while it is reading the files.
Recommendation: Use this skill as a review checklist and ensure the agent treats target skill files as untrusted evidence, not as instructions to obey.
Tool Misuse and Exploitation
Severity: Info | Confidence: High | Status: Note
SKILL.md
curl -s "https://api.github.com/repos/OWNER/REPO" ... curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/skills/SKILL_NAME/SKILL.md"

The skill documents optional curl commands to query GitHub and fetch a target SKILL.md. This network use is purpose-aligned for vetting repositories and does not instruct automatic execution of fetched content.

User impact: The agent may contact GitHub and retrieve files from repositories chosen during review.
Recommendation: Confirm the repository owner and path before fetching, and review retrieved content without executing it.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
_meta.json
"slug": "skill-vetter"

The bundled metadata says slug "skill-vetter", while the provided registry metadata lists slug "skill-vetter-liomi" and a different owner ID. For an instruction-only skill this is not high impact, but it is a provenance inconsistency worth checking.

User impact: The displayed package identity may not perfectly match the bundled metadata, which can make provenance harder to verify.
Recommendation: Verify the registry listing, owner, and package contents before relying on the skill.